EUVD-2020-20886

Malware in sbrugna...

Command Injection

npm-help is vulnerable to command injection. The vulnerability exists in the export.latestVersion function in index.js which allows an attacker to inject and execute malicious commands...

CVE-2020-28445

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion function...

Design/Logic Flaw

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion function...

CVE-2020-28445

CVE-2020-28445 affects the npm-help package. The vulnerability is in the function export.latestVersion() in index.js (line 13), enabling command injection . Multiple sources describe a global impact across all versions and highlight that an attacker can inject and execute commands (as shown in th...

CVE-2020-28445 Command Injection

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion function...

PT-2022-8897 · Npm · Npm-Help

Name of the Vulnerable Software and Affected Versions: npm-help affected versions not specified Description: The issue affects the npm-help package, with the injection point located in line 13 of the index.js file, specifically in the export.latestVersion function. Recommendations: At the moment,...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 13 in index.js file in export.latestVersion function. PoC: var root = require"npm-help"; var module = "& touch JHU"; root.latestVersionmodule; Remediation There is no fixed versi...